b'\x0cThe U.S. International Trade Commission is an independent, nonpartisan, quasi-judicial federal agency\nthat provides trade expertise to both the legislative and executive branches of government, determines the\nimpact of imports on U.S. industries, and directs actions against certain unfair trade practices, such as\npatent, trademark, and copyright infringement. USITC analysts and economists investigate and publish\nreports on U.S. industries and the global trends that affect them. The agency also maintains and publishes\nthe Harmonized Tariff Schedule of the United States.\n\n\n\n\n                                             Commissioners\n                                        Irving A. Williamson, Chairman\n                                        Shara L. Aranoff\n                                        Dean A. Pinkert\n                                        David S. Johanson\n                                        Meredith M. Broadbent\n                                        F. Scott Kieff\n\x0cChairman\n\n\n\n\n              UNITED STATES INTERNATIONAL TRADE COMMISSION\n\n                                  WASHINGTON, DC 20436\n\n                                       November 29, 2013\n\n\n\n\nMessage from the Chairman\n\nIn accordance with the Inspector General Act of 1978, as amended, 5 U.S.C. App. 3 (the IG Act),\nthe U.S. International Trade Commission (USITC or Commission) hereby transmits the\nSemiannual Report of the USITC Inspector General for the period April 1, 2013 to September 31,\n2013.\n\nThe Commission appreciates the work done by the Office of Inspector General in assuring the\neffectiveness, efficiency, and integrity of Commission programs and operations. Inspector\nGeneral Philip M. Heneghan and his staff continue to provide invaluable service to the\nCommission. We look forward to continuing to work with the Inspector General as we address\nthe issues raised in this report.\n\nThe Inspector General\xe2\x80\x99s Semiannual Report identifies the top management and\nperformance challenges in FY 2013 that require significant attention from the USITC. The\nCommission concurs with the critical challenges identified by the Inspector General. We\ncontinue our efforts to address these challenges to ensure that our internal operations are well\nmanaged. The corrective actions that have been both initiated and completed address many of the\nchallenges identified by the Inspector General.\n\nThe actions we are taking with respect to the Inspector General\xe2\x80\x99s identified broad management\nchallenges on (1) internal control, (2) financial management, and (3) use of information\ntechnology to improve staff productivity, are summarized in Part I of this message. Part II of this\nmessage addresses the status of specific corrective actions as they relate to the Inspector\nGeneral\xe2\x80\x99s recommendations of individual audits.\n\n\n\n                                                 1\n\x0c   I.      Addressing Management and Performance Challenges\n\n           A. Internal Control\n\nThe Commission recognizes that internal control management touches all areas of the\norganization and affects the administrative, programmatic, information technology, security,\ncompliance, and financial controls at the entity as well as office-level. Due to the complexity of\nthe actions that need to be taken and the limited availability of resources, the Commission\nremains realistic regarding the timeline to complete remediation actions related to this\nmanagement challenge. The multi-year effort to transform the management structure and culture\nof the Commission, which is underway, has the support of the Chairman, the Commissioners,\nand the members of the agency\xe2\x80\x99s Senior Executive Service (SES).\n\nDuring the past few years the Commission focused much of its efforts on implementing financial\ncontrols, as evidenced by the recent unqualified audit opinions. The Commission is now\nexpanding its efforts to establish and implement an effective internal control system that\naddresses agency-wide processes. The Commission is planning to focus on the development of a\nrisk based internal control structure and expand its business process mapping efforts throughout\nthe agency in order to continue to establish, implement, and monitor strong and effective internal\ncontrols.\n\n           B. Financial Management\n\nThe Commission is pleased to report that the financial management challenge has been\neliminated since the issuance of the Inspector General\xe2\x80\x99s report. Furthermore, the Commission\nwould like to note that the agency received an unqualified audit opinion on the FY 2012 and FY\n2011 financial statements and is currently undergoing the final stages of the FY 2013 audit. As\npart of the FY 2013 audit process, the Commission was able to provide evidence that the\nCommission eliminated the agency\xe2\x80\x99s financial material weakness and significant deficiency\nwhile improving the overall financial documentation.\n\n\n           C. Using Information Technology to Improve Staff Productivity\n\nInformation technology is integral to the Commission\xe2\x80\x99s operations and the productivity of its\nstaff. The Commission recognizes that more needs to be done in this area to support and improve\nstaff productivity, and is committed to doing so.\n\nStaff frequently perform Commission work while off premises, and should be able to do so at all\ntimes and especially in the event that the primary data center becomes unavailable. Recently, the\nCommission made operational an alternate/disaster recovery data center and implemented remote\naccess improvements. The Commission also recently tested and confirmed the operation of this\ndata recovery center and is now in the process of expanding its capabilities.\n\nThrough the Office of the CIO, the Commission is investing significant effort into upgrading the\nCommission\xe2\x80\x99s aged technology platform that supports many of the services delivered to both the\npublic and ITC employees. During this past year, the agency transitioned to open source database\n                                                2\n\x0ctechnologies, which significantly reduced costs and provided efficiency gains. Additional\nupgrade work continues on the replacement of obsolete network assets and technology. The\nCommission recognizes that it must continue to work to ensure that its IT resources are available\nto staff in a way that enhances their productivity and protects the security of government\ninformation assets, and the Commission intends to expand the feedback it is obtaining from staff\nand the public in order to make the appropriate improvements.\n\nAs the Commission\xe2\x80\x99s operational units continue to document and define their business activities,\nthis knowledge will enable the Commission to plan and deploy technology that will increase\nthese units\xe2\x80\x99 efficiency and effectiveness. For example, the Commission is in the process of\nsignificantly automating the management of the Harmonized Tariff Schedule so that it can be\nupdated more efficiently and so that it can minimize the risk of human error. Also, the\nCommission has developed a sophisticated database to assess trends and facilitate its resource\nplanning for its 337 investigations. As additional business processes are evaluated, the\nCommission will continue to evaluate its commitment of resources towards applying technology\nto enhance productivity.\n\nThe now-operational alternate/disaster recovery data center addresses a number of the\ndeficiencies cited in the annual Inspector General Cyberscope Fiscal Year 2012 submission. The\nCommission will make progress on the remaining items by prioritizing and assigning the\nappropriate resources necessary to address remaining deficiencies.\n\n\nII. Actions on Recommendations\n\nA. Actions on Inspector General Recommendations Made in this Reporting Period\n\nDuring this April 1, 2013 to September 31, 2013 semiannual reporting period, the Inspector\nGeneral issued two new reports, one on the security of public-facing endpoints and one on the\nperimeter network security. These reports provided the Commission with a total of ten new\nrecommendations. For each of these recommendations, the Commission issued management\ndecisions for corrective action in a timely manner. During this period, the Commission also\nissued management decisions in response to an audit submitted at the end of the previous\nreporting period on its purchase card program. Management decisions for those previous\nrecommendations were also issued in a timely manner. With regard to corrective action on audits\nfrom previous reporting periods, the Commission completed final action on the management\ndecisions associated with three such reports, and intends to resolve its other outstanding\nmanagement decisions as expendiously as possible.\n\n\n\n\n                                                3\n\x0cB. Actions on Recommendations Made from Prior Periods\n\n      (1) Evaluation of the Commission\xe2\x80\x99s Fiscal Year 2005 Information Security Program and\n      Practices Audit Report (OIG-AR-04-05). The Commission has fully implemented its\n      final decisions as of late September 2013, but managerial review of this work was not\n      completed by the end of that reporting period. As such, this will be completed in the\n      current reporting period.\n\n      (2) Inspection of Physical Security (OIG-SP-11-12). Lower staffing levels in the Office\n      of Security Services due in part to reduced hiring in light of budget uncertainties, and\n      uncertainty in the security field regarding best-practices following the recent Navy Yard\n      incident, resulted in a delay in implementation of certain management decisions\n      associated with the findings in this IG inspection. Additionally, the government shutdown\n      in October resulted in a cascading delay in the physical access control system (PACS)\n      upgrade on the part of our vendor. Nevertheless the outstanding audit follow-up\n      requirements are being addressed. The draft Occupant Emergency Plan circulated in\n      September is undergoing revision to incorporate comments received from OGC and\n      others. PACS installation continues, with data load underway and upgrades to readers and\n      computer systems complete and awaiting testing and acceptance. We plan to close-out\n      the remaining management decisions by the end of January 2014.\n\n      (3) Evaluation of Employee Outprocessing Program (OIG-ER-12-07). During the\n      reporting period, the Commission continued to work on completing actions associated\n      with the IG\xe2\x80\x99s report. Management extended the deadlines on several of these\n      management decisions in order to design and implement a comprehensive electronic\n      system for out-processing, details, and transfers, and to design and implement training\n      associated with the new system. Additionally, testing and rollout were delayed due in part\n      to the government shutdown. System design and process development have now been\n      completed, and the training and implementation phases are scheduled to be completed\n      during the current reporting period.\n\n      (4) Evaluation of Modifications to the Harmonized Tariff Schedule (OIG-ER-12-08).\n      The Commission timely completed all actions to address the recommendations as to the\n      existing procedures for modifying the HTS. The development of a new system that is\n      web-based and provides an electronic workflow for modifying the HTS was delayed due\n      to funding considerations. A contractor has been hired and the development team is\n      working with program staff to produce the upgraded system that will respond to the IG\n      recommendations and management response. The project to build the new system and\n      meet other implementation goals, such as training, should be completed during the\n      second quarter of FY 2014.\n\n\n      (5) Evaluation on Controlling Confidential Business Information and Business\n      Proprietary Information (OIG-ER-12-09). The Commission has made progress in\n      developing a written policy that specifically addresses procedures for handling and\n      destroying non-record copies of confidential business information and business\n      proprietary information when an investigation or proceeding is closed. The Commission\n                                              4\n\x0c      has almost completed an evaluation of the legality and the risk of preserving nonrecord\n      copies of documents after the close of an investigation.\n\n      (6) Audit of Software Licensing (OIG-AR-12-10). The final stages of the software clean-\n      up have been delayed in order to allow the completion of hardware lifecycle replacement\n      and the implementation of compliance monitoring software. The removal of other\n      noncompliant software from the remaining hardware is expected to be completed by the\n      second quarter of 2014.\n\n\n      The statistical tables, required under the IG Act, are included as Appendix A of this\n      report.\n\n\nC. Actions on External Reviews\n\n      In the last reporting period, the Commission completed final actions on all outstanding\n      management decisions stemming from the Office of Personnel Management (OPM)\n      review of the Commission\xe2\x80\x99s human capital management. To complete these final actions,\n      the Commission issued several human capital management documents, including a\n      strategic human capital plan, a training plan, a human capital accountability plan, a\n      succession management plan, a diversity and inclusion strategic plan, and a review of the\n      Commission awards program. During the last reporting period, OPM began a new human\n      capital management evaluation and recently issued its report and findings. Corrective\n      action has already begun to take place with respect to OPM\xe2\x80\x99s new findings, noting that\n      some of are have already been completed.\n\n\n\n\nIrving A. Williamson\nChairman\n\n\n\n\n                                               5\n\x0c\x0c     UNITED STATES INTERNATIONAL TRADE COMMISSION\n\n                                WASHINGTON, DC 20436\n\n\nOctober 31, 2013                                                  OIG-LL-016\n\nCommissioners:\n\nAttached is the Semiannual Report summarizing the activities of the Office of Inspector\nGeneral (OIG) for the period April 1, 2013 to September 30, 2013.\n\nDuring this period, we issued two reports and made 10 recommendations to promote the\nefficiency, effectiveness, and integrity of the Commission\xe2\x80\x99s operations. The Commission\ncompleted final action on one of these recommendations during this reporting period.\nAdditionally, the Commission completed final action on 33 recommendations that had\nbeen made by the Inspector General in prior reporting periods.\n\nI would like to thank you for your commitment to strengthening the operations of the\nCommission and supporting the work of my office.\n\n\n\n\nPhilip M. Heneghan\nInspector General\n\x0c\x0c                    U.S. International Trade Commission\n                                 Inspector General Semiannual Report\n\n\n                                          TABLE OF CONTENTS\n\n\nOffice of Inspector General.............................................................................................. 1\n\nSemiannual Report Requirements .................................................................................. 1\n\nTop Management and Performance Challenges............................................................ 2\n  1. Internal Control.......................................................................................................... 2\n  2. Financial Management............................................................................................... 3\n  3. Using Information Technology to Improve Staff Productivity.................................. 4\n\nInspector General Reports Issued During this Period .................................................. 5\n  Audit of Perimeter Network Security, OIG-AR-13-09................................................... 5\n  Audit of Security of Public-Facing Endpoints, OIG-AR-13-10 ..................................... 6\n\nSignificant Recommendations from Prior Periods ........................................................ 7\n\nHotline and Investigations................................................................................................ 8\n Investigations and Inquiries \xe2\x80\x93 Overview ........................................................................ 8\n OIG Hotline Contacts ..................................................................................................... 8\n Investigations and Inquiries ............................................................................................ 9\n\nExternal Reviews Completed During this Period .......................................................... 9\n  Office of Personnel Management \xe2\x80\x93 Human Resources Review ..................................... 9\n\nStatus of Actions Related to External Reviews Completed During Prior Periods ... 10\n\nReviews Completed for Other Offices of Inspector General ...................................... 10\n\nCongressional Activities ................................................................................................. 10\n\nCouncil on Inspectors General for Integrity and Efficiency....................................... 11\n\nFederal Financial Management Improvement Act Reporting ................................... 11\n\nPeer Review ..................................................................................................................... 11\n\n\n\n\n                                                                 i\n                              Report Period: April 1, 2013 through September 30, 2013\n\x0c               U.S. International Trade Commission\n                            Inspector General Semiannual Report\n\nTables\n  Table 1:   Reporting Requirements Index ...................................................................... iii\n  Table 2:   Management and Performance Challenges ..................................................... 2\n  Table 3:   Reports by Subject Matter ............................................................................... 5\n  Table 4:   Significant Recommendations from Prior Reports........................................ 12\n  Table 5:   Reports with Questioned or Unsupported Costs............................................ 12\n  Table 6:   Reports with Recommendations that Funds be Put to Better Use ................. 13\n  Table 7:   Reports With Final Action Completed During This Reporting Period ......... 14\n  Table 8:   Status of Reports Issued Without Final Action ............................................. 15\n\nAppendices\nAppendix A: Chairman\xe2\x80\x99s Statistical Tables\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6...A-1\n\n\n\n\n                                                         ii\n                         Report Period: April 1, 2013 through September 30, 2013\n\x0c          U.S. International Trade Commission\n                     Inspector General Semiannual Report\n\n                         Table 1: Reporting Requirements Index\n\n\n\n                          Reporting Requirements Index\n\n   IG Act                                  Description                       Page\nSection 4(a)(2)       Review of Legislation                                  None\n                      Description of Significant Problems, Abuses, and\nSection 5(a)(1)                                                              2-4\n                      Deficiencies\n                      Description of Recommendations for Corrective\nSection 5(a)(2)       Action with Respect to Significant Problems, Abuses,   5-6\n                      and Deficiencies\n                      Significant Recommendations From Prior Reports on\nSection 5(a)(3)                                                              7, 12\n                      Which Corrective Action Has Not Been Completed\n                      A Summary of Matters Referred to Prosecuting\nSection 5(a)(4)                                                              None\n                      Authorities\n                      Summary of Instances Where Information or\nSection 5(a)(5)                                                              None\n                      Assistance was Unreasonably Refused\n                      Listing by Subject Matter of each Report Issued\nSection 5(a)(6)                                                               5\n                      during this Reporting Period\nSection 5(a)(7)       Summary of Significant Reports                         5-6\n                      Statistical Table showing Questioned and\nSection 5(a)(8)                                                               12\n                      Unsupported Costs\n                      Statistical Table showing Recommendations Where\nSection 5(a)(9)                                                               13\n                      Funds Could be Put to Better Use\n                      Summary of Audit Reports Issued Before the Start of\nSection 5(a)(10)      the Reporting Period for Which no Management           None\n                      Decision Has Been Made\n                      Description of Any Significant Revised Management\nSection 5(a)(11)                                                             None\n                      Decisions\n                      Information Concerning any Significant Management\nSection 5(a)(12)\n                      Decision with Which the Inspector General is in        None\n                      Disagreement\nSection 5(a)(13)      Information described under section 5(b) of FFMIA       11\n                      Results of Peer Review Completed During This\nSection 5(a)(14)                                                              11\n                      Period or Date of Last Peer Review\n                      List of Any Outstanding Recommendations From\nSection 5(a)(15)                                                             None\n                      Peer Review\n                      List of any Peer Reviews Conducted of Another\nSection 5(a)(16)                                                             None\n                      Office of Inspector General During this Period\n\n\n\n\n                                             iii\n                   Report Period: April 1, 2013 through September 30, 2013\n\x0c\x0c             U.S. International Trade Commission\n                       Inspector General Semiannual Report\n\n\n                         Office of Inspector General\nThe U.S. International Trade Commission established the Office of Inspector General\npursuant to the 1988 amendments to the Inspector General Act (IG Act). The Inspector\nGeneral provides audit, evaluation, inspection, and investigative services covering all\nCommission programs and operations. The mission of the Inspector General is to\npromote and preserve the effectiveness, efficiency, and integrity of the Commission. The\nOffice of Inspector General\xe2\x80\x99s activities are planned and conducted based on requirements\nof laws and regulations, requests from management officials, allegations received from\nCommission personnel and other sources, and the Inspector General\xe2\x80\x99s initiative.\n\nDuring this reporting period, the Inspector General developed and issued the five-year\nstrategic plan for fiscal years 2014\xe2\x80\x932018 that aligns with the strategic goals of the\nCommission. The strategic planning process solicited input from a broad group of\nstakeholders, including the Commissioners and Office Directors, to aid in identifying the\npriorities, challenges, and risks facing the Commission. The strategic plan was then used\nas the foundation to develop the FY 2014 Annual Audit Plan, which was issued on\nSeptember 26, 2013.\n\n\n\n\n                     Semiannual Report Requirements\nThe IG Act requires each Inspector General to prepare a report, semiannually, that\nsummarizes the activities of the office. This Semiannual Report covers the period from\nApril 1, 2013, through September 30, 2013. The 17 requirements, shown in Table 1, are\nspecified in the IG Act and must be included in the report. The layout of this Semiannual\nReport is described below.\n\nThis Semiannual Report starts with a description of the Management and Performance\nChallenges Report, OIG-MR-13-02, which identified three management challenges\nfacing the Commission and the actions management has taken to address these\nchallenges. It then summarizes the results of the two reports issued during this period,\ndescribes significant recommendations from prior reports where final action is not\ncomplete, and summarizes the hotline and investigative activities of the Inspector\nGeneral. The next section provides a summary of other reviews of the Commission\nconducted by external parties; along with the status of recommendations from those\nreports. The last sections supply information on other reportable activities such as\n\n\n\n\n                                               1\n                        Report: April 1, 2013 through September 30, 2013\n\x0c              U.S. International Trade Commission\n                        Inspector General Semiannual Report\n\ncongressional activity, participation in the Council on Inspectors General for Integrity\nand Efficiency, other compliance activities, and our Peer Review status. Additional\ntables at the end of the report detail statistics on Office of Inspector General reports and\nrecommendations.\n\n\n\n\n           Top Management and Performance Challenges\nThe Inspector General is required by statute to identify the most significant management\nand performance challenges facing the Commission in the coming year. The Inspector\nGeneral provided the Commission with a report (OIG-MR-13-02) on October 15, 2012.\nThe report identified the challenges based on information learned from audit, evaluation,\nand inspection work, a general knowledge of the Commission\xe2\x80\x99s programs and activities,\nand input from management regarding challenges facing the agency. The management\nand performance challenges identified by the Office of Inspector General include the\nthree areas identified in Table 2. Following the table is a short discussion of the three\nchallenges and the efforts the agency has taken to address them.\n\n\n                      Table 2: Management and Performance Challenges\n\n                     Management and Performance Challenges\n           1. Internal Control\n           2. Financial Management\n           3. Using Information Technology to Improve Staff Productivity\n\n\n1. Internal Control\n\nThe Commission\xe2\x80\x99s management is responsible for establishing and maintaining a system\nof internal controls that can ensure effective and efficient operations, reliable financial\nreporting, and compliance with laws and regulations. The Commission has had a long-\nstanding culture of undocumented and informal processes to complete daily tasks.\nDocumented and consistent processes and procedures are necessary to provide a\nreasonable level of assurance that offices are operating in an efficient and effective\nmanner.\n\nThe Commission has taken steps to address this weakness by establishing a business\nprocess mapping team to document the flow of existing business processes. The\n\n\n                                                2\n                         Report: April 1, 2013 through September 30, 2013\n\x0c             U.S. International Trade Commission\n                       Inspector General Semiannual Report\n\nCommission established a mapping team and introduced training to help the Commission\ndocument business processes via mapping techniques. The Process Mapping Team has\nbeen working with Commission staff to capture existing business processes to answer\nquestions such as: (1) what conditions affect a given process? and (2) What design or\ndeployment aspects could be enhanced? The team has done process maps in eight\ndifferent lines of business or services for a total of 153 process maps.\n\nThese process maps will allow the Commission an opportunity to perform an analysis of\nits processes to look for areas for improvement by identifying redundant and ineffective\nprocesses, performance gaps, or areas of risk. It also provides the Commission with a\nbaseline illustrative process that can be used to begin establishing and documenting\nformal procedures.\n\nIn addition, the Chief Financial Officer hired an Internal Control Program Manager to\nestablish a comprehensive program to address organizational internal control. Since\ncoming on board in December 2012, the Internal Control Program Manager has been\nworking one-on-one with office directors and designated representatives to promote\nawareness of internal controls and develop an effective program in support of specific\norganizational capabilities, requirements, and limitations.\n\nThe Commission is committed to improving and strengthening the internal control\nenvironment. At the same time, the Commission understands a sustained effort over a\nlong period of time is needed to achieve a mature and effective internal control program.\nThe Commission will be challenged to manage and drive the cultural changes associated\nwith the development and implementation of an effective organizational internal control\nprogram.\n\n2. Financial Management\n\nAs a result of its disclaimer on the 2009 financial statements the Commission recognized\nthe importance and necessity of instituting a system of stronger financial controls and has\nimplemented corrective actions to address financial management deficiencies.\n\nFor example, the Commission established a new Office of the Chief Financial Officer,\nand has recruited personnel with the appropriate knowledge and technical skills to fill key\nfinancial management positions. The filling of these vacancies has led to improvements\nin overall financial management. Important examples of this are the recent audits of the\nCommission\xe2\x80\x99s financial statements, which received a qualified opinion in 2010, and\nunqualified opinions in 2011 and 2012.\n\nThe management challenge has been to transform financial management from an\naccounting exercise to a process that ensures that managers will have access to timely,\nreliable, and practical information that will enable them to make informed decisions. The\n\n\n                                               3\n                        Report: April 1, 2013 through September 30, 2013\n\x0c             U.S. International Trade Commission\n                       Inspector General Semiannual Report\n\nOffice of the Chief Financial Officer has taken steps to address the financial reporting\nchallenges by meeting with operational managers to discuss reporting requirements and\ndeveloping a reporting tool to provide access to financial reports.\n\nChallenges remain to provide managers with reports to effectively monitor the\nexpenditure of funds, evaluate program performance, and make informed financial\ndecisions on the Commission\xe2\x80\x99s programs and operations.\n\n3. Using Information Technology to Improve Staff Productivity\n\nKnowledge workers require a stable, productive information technology platform to\nefficiently and effectively perform their work. Skilled staff are expected to perform their\nmission whether they are on or off premises, and the platform supporting their work\nshould be resilient enough to allow work to continue, even in the absence of the primary\ndata center.\n\nSignificant information technology challenges remain that reduce the efficiency and\neffectiveness of Commission staff. Examples of lost productivity include computers that\ncan take 15 minutes to become operational at boot-up, the multiple and forced reboots\nduring standard working hours, email outages spanning five days, and continued\nundiagnosed performance problems affecting remote access. Systems should be designed\nto minimize delays and work-stopping reboots, and to enable the recovery from outages\nin minutes or hours instead of days.\n\nTo improve productivity, the Commission should prioritize the appropriate skills and\nresources in the right areas to ensure that both basic and enhanced services work well and\ncontribute to a stable, consistent environment to effectively serve its staff regardless of\ntheir location, or the situation at the primary data center.\n\nWe also reported separately (through the Chairman) to the Office of Management and\nBudget, deficiencies in 7 of 11 information technology program areas evaluated as part of\nthe annual Inspector General Cyberscope Fiscal Year 2012 submission. The seven\nprogram areas needing improvement are: Continuous Monitoring, Configuration\nManagement, Contingency Planning, Identity and Access Management, Incident\nResponse and Reporting, Risk Management, and Remote Access Management. The\nCommission faces many challenges implementing information technology solutions to\nimprove staff productivity.\n\n\n\n\n                                               4\n                        Report: April 1, 2013 through September 30, 2013\n\x0c                U.S. International Trade Commission\n                           Inspector General Semiannual Report\n\n\n         Inspector General Reports Issued During this Period\n The Inspector General issued two reports with a total of 10 recommendations during this\n reporting period. The Commission made management decisions on all of the\n recommendations, and the Inspector General agreed with all the management decisions.\n\n The Commission made management decisions on 6 recommendations issued during the\n last reporting period that were not due until after the last reporting period had closed.\n The Inspector General agreed with all of these management decisions.\n\n A listing of each report issued during this reporting period, by subject matter, is provided\n in Table 3.\n                                 Table 3: Reports by Subject Matter\n\n                                   Reports by Subject Matter\n  Subject           Report                                            Date           Number of\n                                          Report Title\n  Matter            Number                                           Issued       Recommendations\n                                Audit of Perimeter Network\nIT Security      OIG-AR-13-09                                    06/24/2013                 7\n                                Security\n                                Audit of Security of Public-\nIT Security       OIG-AR-13-10                                   06/24/2013                 3\n                                Facing Endpoints\nTotal Recommendations Issued During This Reporting Period                                  10\nNOTE: There were no questioned costs, unsupported costs or funds identified that could be put to better\nuse in any of these reports.\n\n\n\n Audit of Perimeter Network Security, OIG-AR-13-09\n\n RESULT: The audit determined that the Commission\xe2\x80\x99s perimeter defense was effective.\n\n We conducted an audit to evaluate the effectiveness of the Commission\xe2\x80\x99s network\n security perimeter. An effective perimeter defense is a significant component of a\n complete security program designed to prevent attackers from gaining unauthorized\n access to Commission resources and exploiting the network.\n\n We attempted to gain unauthorized access by conducting penetration testing of the\n externally available wired nodes on the Commission\xe2\x80\x99s network. The device list used for\n this audit included but was not limited to all servers, workstations, routers, email\n gateways, and firewalls. The test included login attempts designed to allow information\n gathering, privilege escalation, and access to other areas of the Commission\xe2\x80\x99s network\n infrastructure.\n\n\n\n\n                                                    5\n                            Report: April 1, 2013 through September 30, 2013\n\x0c             U.S. International Trade Commission\n                       Inspector General Semiannual Report\n\nTo perform the testing, we used software to detect servers and their responding ports, and\nthen we scanned these servers for vulnerabilities and found:\n\n   x   The Commission\xe2\x80\x99s intrusion detection system effectively prevents port scanning;\n   x   It was not possible to gain unauthorized access to identified services within the\n       scope of the audit; and\n   x   The majority of listening services identified seemed to be functions necessary for\n       the Commission to conduct business.\n\nAlthough the network perimeter defense effectively prevented our intrusion attempts, we\nidentified two areas for improvement. The first area for improvement was related to the\nCommission\xe2\x80\x99s scanning procedures and the second was to remediate webserver\nvulnerabilities identified during the audit.\n\nThe report contained seven recommendations to address the two improvement areas. The\nChairman agreed with our findings and made management decisions to address the\nrecommendations.\n\nAudit of Security of Public-Facing Endpoints, OIG-AR-13-10\n\nRESULT: The audit determined that the Commission did not secure its public-facing\nendpoints.\n\nWe conducted an audit of the responding ports on the Commission\xe2\x80\x99s network to\ndetermine if its public-facing endpoints were secure. The goal of perimeter defense is to\nminimize the number and exploitability of responding ports, known as the \xe2\x80\x9cattack\nsurface.\xe2\x80\x9d To secure its public-facing endpoints, the Commission must block access to\nnetwork ports that should not respond to the Internet.\n\nWhen accessed from the Internet, ITCnet should have had 14 responding IP addresses\nand 26 responding ports to provide the services necessary to support USITC\xe2\x80\x99s business\nfunctions.\n\nOur scan of responding network ports identified the following:\n\n   x   41 responding ports from 18 different IP addresses;\n   x   15 of 41 ports that should not have responded to our scans;\n   x   4 of 18 IP addresses were detected that should not have been visible; and\n   x   Two ports responded with a telnet login prompt to a network device.\n\nWe found two problem areas: 1) the Commission did not block access to ports that\nshould not respond to the Internet, and 2) it did not perform ongoing scanning to detect\n\n                                               6\n                        Report: April 1, 2013 through September 30, 2013\n\x0c             U.S. International Trade Commission\n                       Inspector General Semiannual Report\n\nvulnerabilities. As a result, they were unaware that ports were open that should not have\nbeen accessible from the Internet. When we identified ports that should not have been\nresponding, we immediately notified the Office of the Chief Information Officer, who\nthen took action to block Internet access to those ports.\n\nWe issued three recommendations to address the problem areas identified in the report.\nThe Chairman agreed with our assessment, acknowledged the problem areas, and\ndeveloped management decisions to address the recommendations.\n\n\n\n\n         Significant Recommendations from Prior Periods\nThe Commission has 29 recommendations described in prior semiannual reports where\ncorrective action has not yet been completed. The Inspector General identified three of\nthe 29 recommendations as significant. A brief summary of each significant\nrecommendation from prior periods is described below.\n\nThe first significant recommendation is from an evaluation that focused on modifications\nto the Harmonized Tariff Schedule of the United States. The evaluation found that the\nCommission maintained the Harmonized Tariff Schedule in many different electronic\nfiles and various file formats. This resulted in inaccurate and inconsistent information to\nbe presented on the Commission\xe2\x80\x99s public website. The Inspector General recommended\nthat the Commission develop and implement a single database to manage the Harmonized\nTariff Schedule. The Commission made management decisions to implement the\nrecommendation.\n\nThe second significant recommendation is from a report that reviewed whether the\nCommission effectively controlled the use and retention of confidential business\ninformation and business proprietary information at the end of an investigation or\nproceeding. The evaluation found that confidential business information and business\nproprietary information was retained indefinitely as a routine practice by employees as a\nmatter of convenience and preference. The Inspector General recommended that the\nCommission create written policy that specifically addresses procedures for handling and\ndestroying non-record copies of confidential business information and business\nproprietary information when an investigation or proceeding is closed. The Commission\nmade management decisions to implement the recommendation.\n\nThe third significant recommendation from prior periods is from an audit of software\nlicensing. The report found that the Commission did not have a complete record of all\nsoftware installed on its network. By not preventing or detecting software from being\ninstalled, the Commission is at risk of violating license agreements as well as subjecting\nits network and systems to additional risks. The Inspector General recommended that the\n\n                                               7\n                        Report: April 1, 2013 through September 30, 2013\n\x0c              U.S. International Trade Commission\n                       Inspector General Semiannual Report\n\nOffice of the Chief Information Officer implement technical monitoring to detect the\ninstallation of software, including details on when it was installed and by whom. The\nCommission made management decisions to implement the recommendation.\n\nA listing that identifies each recommendation along with the corresponding report\nnumber is provided in Table 4.\n\n\n\n\n                           Hotline and Investigations\n\nInvestigations and Inquiries \xe2\x80\x93 Overview\nIn accordance with professional standards and guidelines, the Inspector General conducts\ninvestigations and inquiries of criminal, civil, and administrative wrongdoing involving\nCommission programs, operations, and personnel. Investigations may involve possible\nviolations of regulations regarding employee responsibilities and conduct, Federal\ncriminal law, and other statutes and regulations pertaining to the activities of the\nCommission.\n\nThe Inspector General reviews and analyzes all complaints received to determine the\nappropriate course of action. In instances where it is determined that something less than\na full investigation is appropriate, the Inspector General may conduct a preliminary\ninquiry into the allegation. If the information obtained during the inquiry indicates that a\nfull investigation is warranted, the Inspector General will commence an investigation of\nthe allegation.\n\nOIG Hotline Contacts\nThe OIG maintains a Hotline for reporting information about suspected waste, fraud,\nabuse, or mismanagement involving Commission programs or operations. Information\nmay be provided by telephone, fax, email, mail, or through a web-based form. Upon\nrequest, a provider\xe2\x80\x99s identity will be kept confidential. Reports may also be made\nanonymously.\n\nWe receive complaints from employees, contractors, and the public that involve the\nCommission\xe2\x80\x99s areas of responsibility. We examine these complaints to determine\nwhether there is any indication of Commission wrongdoing or misconduct. If the\ncomplaint does not relate to the USITC, we refer the complaint to the appropriate agency\nfor response. If the complaint does not have merit, we close the matter.\n\nThe OIG has worked to increase awareness of the Hotline throughout the Commission by\ncreating a series of Hotline posters and holding OIG Outreach sessions with Commission\noffices.\n\n\n                                               8\n                        Report: April 1, 2013 through September 30, 2013\n\x0c              U.S. International Trade Commission\n                       Inspector General Semiannual Report\n\nInvestigations and Inquiries\nThe Inspector General did not have any investigation or inquiry activity to report during\nthis reporting period.\n\n\n\n\n           External Reviews Completed During this Period\nThere was one external review of the Commission\xe2\x80\x99s programs completed during this\nreporting period. The review was performed by the U.S. Office of Personnel\nManagement. The final report was issued on June 25, 2013. The result and a summary\nof the external review are described below.\n\nOffice of Personnel Management \xe2\x80\x93 Human Resources Review\n\nThe Office of Personnel Management performed an assessment of the Commission\xe2\x80\x99s human\nresource program. The purpose of the review was to determine the Commission\xe2\x80\x99s adherence\nto merit system principles, compliance with laws and regulations, and to assess effectiveness\nof the administration of human resource management and systems. The review was based on\nthree human capital management elements from the Office of Personnel Management\xe2\x80\x99s\nHuman Capital Assessment and Accountability Framework. The three areas of review were:\n\n   x   Leadership and Knowledge Management;\n   x   Results-Oriented Performance Culture; and\n   x   Talent Management, including USITC\xe2\x80\x99s delegated examining program.\n\nThe Office of Personnel Management assessed 26 criteria from the three review areas. Two\nof the review areas were determined to be not applicable to the Commission. The results\nfrom the remaining 24 assessed areas are as follows:\n\n   x   The Commission met the anticipated results in 12 of the 26 areas.\n   x   The Commission partially met the anticipated results in 6 of the assessed areas.\n   x   The Commission did not meet the anticipated results in 6 of the assessed areas.\n\nThe final report identified 25 recommendations for the Commission. The Commission made\nmanagement decisions to implement all of the recommendations.\n\n\n\n\n                                               9\n                        Report: April 1, 2013 through September 30, 2013\n\x0c              U.S. International Trade Commission\n                       Inspector General Semiannual Report\n\n\n    Status of Actions Related to External Reviews Completed\n                      During Prior Periods\nThe Commission did not have any open management decisions related to external\nreviews completed during prior periods.\n\n\n\n\n   Reviews Completed for Other Offices of Inspector General\n\nSection 6(a)(3) of the Inspector General Act of 1978, as amended, gives the Inspector\nGeneral the authority to obtain assistance for carrying out the duties and responsibilities\nprovided by the Act from any other Federal agency.\n\nThe Inspector General provides assistance to other Offices of Inspector General by\nperforming independent information technology reviews. The reviews can cover a wide\narray of information technology subject areas such as: penetration testing, vulnerability\nassessments, configuration review, and evaluation of monitoring and incident detection\nand remediation.\n\nTo facilitate assistance, the Inspector General will enter into a Memorandum of\nUnderstanding with the other Federal agency, in accordance with 31 U.S.C. 1535, the\nEconomy Act of 1932, as amended. The Memorandum of Understanding describes the\nsubject area to be independently reviewed, scope, methodology, cost, schedule, and any\nassociated deliverables in writing before work is to be commenced. We completed one\nreview during this reporting period.\n\n\n\n\n                            Congressional Activities\nThe Inspector General responded to two congressional inquiries this reporting period.\nBoth inquiries were seeking updates from the Inspector General community on previous\ndata requests. The first inquiry was from the Chairman and Ranking Member of the\nHouse Committee on Finance, and the Ranking Member of the Senate Committee on\nOversight and Government Reform. They were seeking an update from the Inspector\nGeneral community on open and unimplemented recommendations.\n\nThe second request was from the Ranking Member of the House Committee on Finance\nand the Ranking Member of the Subcommittee on Investigations Homeland Security and\nGovernmental Affairs Committee. They were seeking updated information to determine\n\n                                              10\n                        Report: April 1, 2013 through September 30, 2013\n\x0c              U.S. International Trade Commission\n                       Inspector General Semiannual Report\n\nif the Office of Inspector General has had any instances of closed investigations,\nevaluations, and audits that were not disclosed to the public or any instances of threats\nfrom federal officials trying to impede communications with Congress.\n\n\n\n\n   Council on Inspectors General for Integrity and Efficiency\nThe Inspector General has actively participated in meetings and supported the efforts of\nthe Council on Inspectors General for Integrity and Efficiency (CIGIE). The Office of\nthe Inspector General staff have volunteered to serve as members on various working\ngroups and committees that address cross-cutting issues such as, knowledge management,\ncloud computing, investigations, cyber security, new media, small agencies concerns, and\nlegislative issues.\n\n\n\n  Federal Financial Management Improvement Act Reporting\nThe IG Act and the Federal Financial Management Improvement Act of 1996 (FFMIA)\nrequire the Inspectors General of certain agencies to report \xe2\x80\x9cinstances and reasons\xe2\x80\x9d when\nthe agency has not met intermediate target dates established in a remediation plan to\nbring the agency\xe2\x80\x99s financial management system into substantial compliance with the\nFFMIA. The Commission is not subject to the FFMIA; however, it voluntarily seeks to\ncomply with most of its requirements. During this reporting period, there were no events\ngiving rise to a duty to report under FFMIA.\n\n\n\n                                     Peer Review\nThe Office of Inspector General\xe2\x80\x99s last peer review report of our audit operations was\nissued on January 16, 2013. The report determined that the system of quality control for\nconducting audits had been suitably designed and implemented; and received a peer\nreview rating of pass. All recommendations identified in the report have been\nimplemented.\n\nThe peer review schedule is set by the CIGIE; the next peer review of my office will be\nconducted in two years. We are scheduled to perform a peer review of another Inspector\nGeneral\xe2\x80\x99s audit operation during the next reporting period.\n\n\n\n                                              11\n                        Report: April 1, 2013 through September 30, 2013\n\x0c               U.S. International Trade Commission\n                          Inspector General Semiannual Report\n\nTable 4: Prior Significant Recommendations Where Corrective Action Has Not Been Completed\n\n\n                       Prior Significant Recommendations\n                 Where Corrective Action Has Not Been Completed\n    Report Number                                     Recommendation\n                        Develop and implement a single database to manage the Harmonized\n    OIG-ER-12-08\n                        Tariff Schedule.\n                        Create a Commission-wide written policy that specifically addresses\n                        procedures for handling and destroying nonrecord copies of confidential\n     OIG-ER12-09\n                        business information and business proprietary information when an\n                        investigation or proceeding is closed.\n                        Implement technical monitoring to detect the installation of software,\n    OIG-AR-12-10\n                        including details on when it was installed and by whom.\n\n\n                     Table 5: Reports with Questions and Unsupported Costs\n\n                   Reports with Questioned and Unsupported Costs\n                                   Section 5(a)8\n                                              Number of         Questioned         Unsupported\n             Description\n                                               Reports            Costs               Costs\nReports for which no management\ndecision has been made by the\n                                                      11               $0                 $0\ncommencement of the reporting\nperiod.\nReports issued during the reporting\n                                                      2                $0                 $0\nperiod.\n                             Subtotals                3\nReports for which a management\ndecision was made during the                          3                $0                 $0\nreporting period.\n    x Dollar value of disallowed\n                                                                       $0                 $0\n        costs.\n    x Dollar value of allowed costs.                                   $0                 $0\nReports for which no management\ndecision has been made by the end of                  0                $0                 $0\nthe reporting period.\n                             Subtotals                3                $0                 $0\n\n\n1\n  Management Decisions were received in response to the purchase card report, OIG-ER-13-08, which was\nissued at the end of the last reporting period and management decisions were not due until after the\nreporting period had closed.\n\n                                                 12\n                           Report: April 1, 2013 through September 30, 2013\n\x0c               U.S. International Trade Commission\n                          Inspector General Semiannual Report\n\nTable 6: Reports w/ Recommendations that Funds be Put to Better Use\n\n\n\n         Reports with Recommendations that Funds be Put to Better Use\n                               Section 5(a)9\n                                                               Number of         Funds Put to\n                        Description\n                                                                Reports           Better Use\n    Reports for which no management decision has been\n                                                                      12                 $0\n    made by the commencement of the reporting period.\n    Reports issued during the reporting period.                        2                 $0\n                                                Subtotals              3                 $0\n    Reports for which a management decision was made\n                                                                       3\n    during the reporting period.\n        x Dollar value of recommendations agreed to by\n                                                                                         $0\n            management.\n        x Dollar value of recommendations not agreed\n                                                                                         $0\n            to by management.\n    Reports for which no management decision has been\n                                                                       0                 $0\n    made by the end of the reporting period.\n                                                Subtotals              3                 $0\n\n\n\n\n2\n  Management Decisions were received in response to the purchase card report, OIG-ER-13-08, which was\nissued at the end of the last reporting period and management decisions were not due until after the\nreporting period had closed.\n\n                                                 13\n                           Report: April 1, 2013 through September 30, 2013\n\x0c                U.S. International Trade Commission\n                            Inspector General Semiannual Report\n\n            Table 7: Reports With Final Action Completed During this Reporting Period\n\n\n                            Reports With Final Action Completed\n                               During this Reporting Period\n                             Reports Issued This Reporting Period\n                                                                 Final Action     Final Action\n                                       # of        Mgt.\n             Report Title                                        Complete in     Complete This\n                                       Recs.     Decisions\n                                                                 Prior Periods       Period\n    None.\n                             Totals      0             0                0               0\n                                      Prior Reporting Periods\n                                                                 Final Action     Final Action\n                                       # of        Mgt.\n             Report Title                                        Complete in     Complete This\n                                       Recs.     Decisions\n                                                                 Prior Periods       Period\n    Compliance with Laws and\n1                                        2             2                1               1\n    Regulations, OIG-AR-11-04\n    Report on Internal Control for\n2                                        12            12              10               2\n    FY 2011, OIG-AR-12-03\n    Audit of Title VII Preliminary\n3                                        2             2                1               1\n    Process, OIG-AR-12-06\n    Report on Internal Control for\n4                                        3             3                1               2\n    FY 2012, OIG-AR-13-04\n    Management Letter for FY\n5   2012 Financial Statements,           2             2                0               2\n    OIG-ML-13-06\n                             Totals      21            21              13               8\n\n\n\n\n                                                  14\n                            Report: April 1, 2013 through September 30, 2013\n\x0c                U.S. International Trade Commission\n                            Inspector General Semiannual Report\n\n                       Table 8: Status of Reports Issued Without Final Action\n\n                     Status of Reports Issued Without Final Action\n                                       This Reporting Period\n                                                                Decisions\n                                                                                Final      Action\n                                        # of       Mgt.            IG\n             Report Title                                                       Action      Not\n                                        Recs.    Decisions      Disagrees\n                                                                               Complete   Complete\n                                                                  With\n    Audit of Perimeter Network\n1                                         7            7             0            0          7\n    Security, OIG-AR-13-09\n    Audit of Security of Public\n2   Facing Endpoints,                     3            3             0            1          2\n    OIG-AR-13-10\n                             Totals       10           10            0            1          9\n                                       Prior Reporting Periods\n                                                                  Final         Final\n                                                                 Action         Action     Action\n                                        # of       Mgt.\n             Report Title                                       Complete       Complete     Not\n                                        Recs.    Decisions\n                                                                  Prior          This     Complete\n                                                                 Periods        Period\n    FISMA FY 2004 Performance\n1                                         14           14           12            1          1\n    Audit, OIG-AR-04-05\n    Inspection of Physical Security,\n2                                         22           22            8            6          8\n    OIG-SP-11-12\n    Evaluation of Employee Out-\n3   Processing Program,                   11           11            5            3          3\n    OIG-ER-12-07\n    Evaluation of Modifications to\n4                                         8            8             5            2          1\n    HTS, OIG-ER-12-08\n    Evaluation of Controlling\n5                                         6            6             0            0          6\n    CBI/BPI, OIG-ER-12-09\n    Audit of Software Licensing,\n6                                         6            6             0            2          4\n    OIG-AR-12-10\n    Audit of Citrix Remote Access,\n7                                         11           11            0            9          2\n    OIG-AR-13-01\n    Evaluation of the Purchase\n8                                         6            6             0            2          4\n    Card Program, OIG-ER-13-08\n                             Totals       84           84           30            25         29\n\n\n\n\n                                                  15\n                            Report: April 1, 2013 through September 30, 2013\n\x0c\x0c             U.S. International Trade Commission\n                                        Appendix A\n\n\nAppendix A: Chairman\xe2\x80\x99s Statistical Tables\n                           Table A: Reports with Disallowed Costs\n\n  Total Number of Reports and the Dollar Value of Disallowed Costs\n                                                            Number\n                                                                        Dollar Value of\n                     Description                              of\n                                                                        Disallowed Costs\n                                                            Reports\n Reports issued during the period.                              2              $0\n Reports for which final action had not been taken by\n                                                               13              $0\n the commencement of the reporting period.\n Reports on which management decisions were made\n                                                                1              $0\n during the reporting period.\n Reports for which final action was taken during the\n                                                                5              $0\n reporting period.\n     x Dollar value of disallowed costs, recovered                             $0\n         by management.\n     x Dollar value of disallowed costs written off                            $0\n         by management.\n Reports for which no final action has been taken by\n                                                               10              $0\n the end of the reporting period.\n\n           Table B: Reports with Recommendations that Funds be Put to Better Use\n\n\n    Reports with Recommendations that Funds be Put to Better Use\n                                                             Number\n                                                                          Funds Put to\n                     Description                               of\n                                                                           Better Use\n                                                             Reports\n Reports for which final action had not been taken by the\n                                                                13              $0\n commencement of the reporting period.\n Reports on which management decisions were made\n                                                                    1           $0\n during the reporting period.\n Reports for which final action was taken during the\n                                                                    5           $0\n reporting period including:\n     x Dollar value of recommendations that were                                $0\n         actually completed.\n     x Dollar value of recommendations that\n         management has subsequently concluded                                  $0\n         should not or could not be completed.\n Reports for which no final action has been taken by the\n                                                                10              $0\n end of the reporting period.\n\n\n                                             A-1\n\n                        Appendix A: Chairman\xe2\x80\x99s Statistical Tables\n\x0c         U.S. International Trade Commission\n                                 Appendix A\n\n\n          Table C: Prior Year Management Decisions Without Final Action\n\nPrior Year Audit Reports On Which Management Decisions Have Been\n             Made but Final Action has Not Been Taken\n                                               Funds Put        Reason Final\n                                 Disallowed\n Audit Report     Date Issued                   to Better      Action has Not\n                                   Costs\n                                                   Use          Been Taken\n                                                              Provided in Part II B\nOIG-AR-04-05      09/27/2005         $0            $0          of the Chairman\xe2\x80\x99s\n                                                                    Message\n                                                              Provided in Part II B\nOIG-SP-11-12      09/09/2011         $0            $0          of the Chairman\xe2\x80\x99s\n                                                                    Message\n                                                              Provided in Part II B\nOIG-ER-12-07      01/25/2012         $0            $0          of the Chairman\xe2\x80\x99s\n                                                                    Message\n                                                              Provided in Part II B\nOIG-ER-12-08      06/13/2012         $0            $0          of the Chairman\xe2\x80\x99s\n                                                                    Message\n                                                              Provided in Part II B\nOIG-ER-12-09      06/20/2012         $0            $0          of the Chairman\xe2\x80\x99s\n                                                                    Message\n                                                              Provided in Part II B\nOIG-AR-12-10      8/16/2012          $0            $0          of the Chairman\xe2\x80\x99s\n                                                                    Message\n\n\n\n\n                                      A-2\n\n                  Appendix A: Chairman\xe2\x80\x99s Statistical Tables\n\x0c\xe2\x80\x9cThacher\xe2\x80\x99s Calculating Instrument\xe2\x80\x9d developed by Edwin Thacher in the late 1870s. It is a cylindrical, rotating slide\nrule able to quickly perform complex mathematical calculations involving roots and powers quickly. The instrument\nwas used by architects, engineers, and actuaries as a measuring device.\n\x0c\x0c'